The main purpose of SNMP in network management
What is monitoring and managing devices on a network by collecting and organizing information?
Definition of network baseline in the context of performance monitoring
What is a record of the normal operating performance of a network, used as a reference to identify unusual behavior?
What does QoS aim to achieve in network traffic management?
It prioritizes critical network traffic to ensure consistent performance for key applications.
What is the main goal of the preparation step in incident response?
To establish tools, policies, and training to ensure readiness for cybersecurity incidents.
The SNMP version that first introduced message integrity and authentication
What is SNMPv3?
How does a baseline assist in detecting network anomalies?
It helps identify deviations from typical performance patterns, signaling potential issues such as cyberattacks or hardware failures.
List one protocol or method commonly used to implement QoS in a network.
Differentiated Services Code Point (DSCP) or Multiprotocol Label Switching (MPLS).
During containment, why is it important to isolate affected systems?
To prevent the spread of the incident to other systems or networks.
One key enhancement in SNMPv2 compared to SNMPv1
What are bulk data transfers, which improve efficiency by allowing multiple data items to be retrieved or set in a single request?
What factors might influence how often a network baseline should be updated?
Factors include network size, the addition of new devices, changes in traffic patterns, and emerging threats.
How does QoS impact video conferencing or streaming services?
QoS minimizes latency, jitter, and packet loss, ensuring smooth and uninterrupted video and audio quality.
How does the eradication step differ from containment?
Eradication involves removing the root cause of the incident, while containment focuses on stopping its spread.
The main advantage of using SNMPv3 over previous versions
What is enhanced security, including encryption, message integrity, and authentication?
Name two tools commonly used for creating and analyzing network baselines.
Wireshark and SolarWinds Network Performance Monitor.
Compare the goals of bandwidth reservation (e.g., MPLS) and traffic policing.
Bandwidth reservation ensures dedicated resources for critical traffic, while traffic policing enforces limits to prevent overuse or abuse of network resources.
What outcomes should be documented in the lessons learned phase?
Key takeaways, identified vulnerabilities, effectiveness of the response, and steps to prevent future incidents.
Explain how a strong incident response plan can reduce downtime and financial losses during a cybersecurity event. Provide at least two specific examples.
1. Rapid containment limits the spread of malware, reducing recovery time.
2. Clear communication plans minimize operational disruptions, ensuring quicker resumption of business functions.